The goal of this paper, led by FR and presented at the COBI 2014 workshop as a full paper, is to depict compliance concepts and the relations between them as a conceptual meta-model. It aims to assist business analysts in extracting compliance rules from compliance documents and to enable compliance enforcement in all phases of the business process lifecycle.
COBI 2014 - Designing a Meta Model as the Foundation for Compliance Capability
1. STRATIGAKI CHRISTINA
PROF. LOUCOPOULOS PERICLES
PROF. NIKOLAIDOU MARA
HAROKOPIO UNIVERSITY OF ATHENS
Designing a Meta Model as the Foundation for Compliance Capability
3. DIT@HUA 3
Scientific context-Definitions
[1] Sadiq, S., et al. (2007). Modeling Control Objectives for Business Process Compliance. 5th International Conference on Business Process Management.
[2] Yapp, C. and Fairman, R. Assessing Compliance with Food Safety Legislation in Small Businesses. British Food Journal, 107, 3 (2005), 150-161.
[3] Vickers, I., James, P., Smallbone, D. and Baldock, R. Understanding Small Firm Responses to Regulation: the Case of Workplace Health and Safety. Policy Studies, 26, 2 (2005), 149-169.
[4] Small_Business_Research_Centre. The Impact of Regulation on Small Business Performance. 2008.
[5] Blackburn, R., Hart, M., Smallbone, D., Kitching, J., Eadson, W. and Bannon, K. Analysis of the Impact of the Tax System on the Cash Flow of Small Businesses: A Report for HM Revenue and Customs (HMRC). 2005.
[6] Edwards, P., Ram, M. and Black, J. The Impact of Employment Legislation on Small Firms: a Case Study Analysis. DTI Employment Relations Research Series No. 20 (2003).
Compliance capability
Have the ability and the capacity to manage regulations within an organization.
Concept of compliance
Compliance denotes that the execution of certain business processes complies with a set of regulations [1].
Why?
It is faced differently across all businesses [6].
1. Business owner’s awareness of regulation [4]
2. Different attitudes [3]
3. Capacity of business owner to discover, interpret and adapt to a regulation [5]
4. DIT@HUA 4
Scientific context-Objective
Concept of compliance: Regulatory Compliance
Compliance capability: Capability to manage regulations
Objective: Develop a solid methodology
Business processes will ensure that enterprise actors conform to a set of standards.
Information system will assist in process enactment.
HOW?
5. DIT@HUA 5
Scientific context- Primary Scope
1. Define a meta-model that could act as the kernel of a compliance development methodology.
2. Use the meta-model as the means of developing a repository for supporting such a methodology.
6. DIT@HUA 6
Scientific context-Analysis of existing approaches
[1] Papazoglou, M. P. (2011). Making Business Processes Compliant to Standards & Regulations. The 16th IEEE International Enterprise Computing Conference (EDOC 2011). Helsinki, Finland.
[1] Turetken, O., et al. (2012). "Capturing Compliance Requirements: A Pattern-Based Approach." IEEE Software May/June 2012: 28-36.
[1] Turetken, O., et al. (2011). Enforcing compliance on business processes through the use of patterns. European Conference on Information Systems (ECIS 2011). Helsinki, Finland: Paper No. 5.
[2] COSO Internal Control – Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission. City, 1994.
[3] Sadiq, S., et al. (2007). Modeling Control Objectives for Business Process Compliance. 5th International Conference on Business Process Management.
COMPAS [1]: Focused on compliance awareness. Model-driven engineering approach and used annotation techniques for relating system and requirement models at design-time.
Sadiq, Governatori et al. 2007 [3]: Modelling control objectives within BP structures. A basic model to capture compliance requirements.
COSO Framework [2] offered the internalization of abstract compliance requirements into a set of organization-specific concrete norms.
7. DIT@HUA 7
Scientific context-Scope
Design a compliance meta-model with a specific focus on the compliance domain description and identification.
It is essential to develop a meta-model for compliance management that will be useful and ready to be applied in all phases of the BP lifecycle.
8. DIT@HUA 8
Proposed meta-model for compliance
[1] Conklin, E. J. and K. C. B. Yakemovic (1991) A Process-Oriented Approach to Design Rationale, Human-Computer Interaction 6(3,4): 357-391.
[1] Lee, J. and K.-Y. Lai (1991) What's in Design Rationale?, Human-Computer Interaction 6(3,4): 251-280.
[1] Jarczyk, A. P. J., P. Loffler and F. M. Shipman III (1992) Design Rationale for Software Engineering: A Survey, 25th Hawaii International Conference on System Sciences, Kauai, Hawaii, IEEE Computer Society Press: 577-586.
[1] Louridas, P., Loucopoulos, P. (2000) A Generic Model for Reflective Design, ACM Transactions on Software Engineering and Methodology 9(2): 199-237.
The functionality of the meta-model would be the semantic definition and description of the notions of compliance.
The methodology followed for the construction of the meta-model is presented as a design rationale [1].
Hypotheses
Justifications
Design
Action
Goal
Problem Analysis
Evaluation
Resolution
Problem Setting
10. DIT@HUA 10
Starting point
Maintain the entities:
Compliance source (further analysis)
Compliance rule (further analysis)
Examine the section of BPs as a compliance rule target
13. DIT@HUA 13
Use the sections of the meta-model (teleology, methodology and ontology) as a conceptual compass
Variability and differentiability among the legal documents
Examine the usability of the proposed entities
Instantiate the meta-model / Design Rationale
Port Authority Act-Montserrat
HealthCare Regulation of Massachusetts
SLA-Managed IT Support
Compendium concepts
14. Healthcare regulation [1] instance of Teleology and Methodology sections
Teleology
Methodology
[1] State_of_Massachusetts General Laws-Public Health. City, 2012.
15. DIT@HUA 15
Ontology/Applicability section-Abortion regulation

Complex rules

CR1 Description: If a pregnancy has existed for less than twenty-four weeks no abortion may be performed except by a physician and only if, in the best medical judgment of a physician, the abortion is necessary under all attendant circumstances.
MTL Expression: Pregnancy CoExists Judgment_of_Abortion_as_Necessary LeadsTo Performance_of_Abortion PerformedBy Physician

Simple Rules

SR1a Text Description: If a pregnancy has existed for less than twenty-four weeks no abortion may be performed except by a physician.
MTL Expression: Pregnancy ExistsMax 24 weeks LeadsTo Performance_of_Abortion PerformedBy Physician

SR1b Text Description: The abortion may be performed only if the physician has ruled as necessary under all attendant circumstances.
MTL Expression: Judgment_of_Abortion_as_Necessary LeadsTo Performance_of_Abortion PerformedBy Physician
16. DIT@HUA 16
Remarks about the instantiations
In every instance the modeler's perception of each entity was the same.
The use of patterns and MTL expressions improves the understanding of a rule’s syntax.
The methodology section of the meta-model is very important for compliance management and categorization.
Complex and simple rule entities accurately describe the structure of a rule, both semantically and lexically.
The applicability section of the meta-model perfectly defines the factors that a rule affects.
17. Ontological analysis
Evaluation of completeness and expressiveness of the proposed meta-model.
The ontological analysis requires a representation of the mapping of the ontological concepts to their corresponding meta-model concepts.
An ontology in OWL will increase the usability of the meta-model.
Ongoing research
19. DIT@HUA 19
Open issues
Possible changes and adjustments in the meta-model
Further study and analysis on the methods of extracting rules from a legal document
Combine textual and semantic extraction of rules for robust results
Evolve the OWL ontology
Ontology-Reasoning
21. Suggested Bibliography
1. Bulygin, E. What Can One Expect from Logic in the Law? (Not Everything, but More than Something: A Reply to Susan Haack). Ratio Juris, 21, 1 (2008), 150-156.
2. Siena, A., Ingolfo, S., Perini, A., Susi, A. and Mylopoulos, J. Automated Reasoning for Regulatory Compliance. City, 2013.
3. Mitchell, S. and Switzer, C. S. GRC Capability Model "Red Book" 2.0. OCEG, 2009.
4. Ghose, A. K. and Koliadis, G. Auditing business process compliance. City, 2007.
5. Namiri, K. and Stojanovic, N. A Formal Approach for Internal Controls Compliance in Business Processes. In Proceedings of the 8th Workshop on Business Process Modeling, Development and Support (BPMDS'07) (2007).
6. Buksa, I. Business Process and Regulations Compliance Management Technology. In Proceedings of the CAiSE Doctoral Consortium 2011 (London, UK, 2011). http://ceur-ws.org/Vol-731/
7. State_of_Massachusetts General Laws-Public Health. City, 2012.
8. BPM_Forum. CEE: the Future. Building the Compliance Enabled Enterprise. Report Produced by Global Fluency in Partnership with: AXS-One. 2006.
9. Ram, M., Gilman, M., Arrowsmith, J. and Edwards, P. Once More into the Sunset? Asian Clothing Firms after the National Minimum Wage. Environment and Planning C: Government and Policy, 21, 1 (2003), 71-88.
10. Yapp, C. and Fairman, R. Assessing Compliance with Food Safety Legislation in Small Businesses. British Food Journal, 107, 3 (2005), 150-161.
11. Vickers, I., James, P., Smallbone, D. and Baldock, R. Understanding Small Firm Responses to Regulation: the Case of Workplace Health and Safety. Policy Studies, 26, 2 (2005), 149-169.